16.09.2022

Is cybersecurity a barrier to digital transformation in higher education?

During the Covid-19 lockdowns it became even more apparent how reliant we are, as a society, on technology. Everything from shopping to work meetings moved even further online, and we all had to adjust to a new way of interacting.

Some sectors, however, were more affected than others. Universities, for instance, switched to remote learning almost immediately, meaning that they had to get their digital systems up-and-running quickly to continue to provide courses for students from both the UK and overseas. However, outdated systems and infrastructure meant that hackers were able to infiltrate them, causing problems not only for the institutions but also the students.

Here, we examine whether cybersecurity is a barrier to digital transformation in higher education, and ask if universities are able to deliver when there’s so much holding them back.

Why do universities need digital transformation?
Regardless of lockdown, universities have been embracing technology for some time now. Many, however, have burdensome, outdated infrastructure systems which may not be fit for purpose, as well as a range of different applications that require students to access them through their own laptops or tablets.

In addition to this, many universities’ systems are linked but not standardised, providing an added challenge to digital transformation. As a result, a number of university systems have been hacked, jeopardising data and intellectual property, as well as privacy.

A report by Redscan, a cybersecurity firm, into university hacking which was published in July 2020 revealed that 54% of universities reported a data breach in 2019, with most reporting an average of two attacks per university.

During lockdown, the rapid change to online learning meant that universities developed lessons and resources which were available only online. This meant that students and teachers were using widely-commercially available SaaS products such as Dropbox and Microsoft, often from their own devices at home. Where they would previously have been protected from malware and phishing attempts, for example, by the universities’ defence systems, they were now vulnerable to attacks from increasingly sophisticated hackers, some of whom may have been after more than bank details.

The National Cyber Security Centre published a report in 2019 assessing the risk posed to UK universities, and found that most of the threats came from either criminals trying to make money, or nation states attempting to steal ‘personal data and intellectual property for strategic advantage’. This, the report states, has the potential to damage the value of sensitive research and intellectual property - particularly in STEM subjects - decrease private or public investment in universities, and damage the UK’s reputation as a world leader in research.

Clearly a new approach is needed.

What needs to happen?
There’s no doubt that universities are attempting to embrace digital transformation, but before that process can be complete security issues must be dealt with and technical transformation must take place.

Many technologies were rushed through at the start of the pandemic, and some are still vulnerable to attack, having pushed cybersecurity down the list of priorities in an attempt to normalise the learning environment as far as possible.
Unsecured wifi, inefficient anti-virus software and a lack of multi-factor authentication all contributed to cyber attacks, as did the sheer numbers of people involved, the inefficiency of security systems in people’s homes, and the wide geographical locations of both students and lecturers.

Higher education organisations must update their technology from the old, outdated systems that they currently use. IT and tech employees must implement procedures which insist on hardware-based security systems on devices, to prevent malware interventions below the operating system which can be vulnerable, and adopt rigorous security hygiene procedures.

Limiting access to sensitive information and requiring a Zero Trust framework, which requires multiple proofs of identity, is also effective against cyber threats - as are simpler options such as changing passwords regularly and using multi-factor authentication for logging in.

Training
Universities should also be training their staff and students in this new way of working. Many academic workers are reluctant to do away with paper-based learning, and some universities are actually seeing a pushback from employees against the paperless agenda.

Redscan’s report noted that only 54% of university staff received any security training and that the average spend on security training for staff was a mere £7,529 per year. Training for students was treated in a similar manner, with only 51% of universities offering security training for students proactively.

And, astonishingly, 12% of universities offer no kind of security training, guidance or support to their students whatsoever.

Funding
Lockdown changed how education was delivered, but for many students the restrictions were intolerable and they deferred their place or dropped out altogether. Many overseas students were also unable to attend the universities of their choice. This has had an impact on funding, both overall and in particular on cyber security.

Universities UK, the collective voice of 140 UK universities, estimates that in order to build up the necessary digital infrastructure, offer appropriate training to staff, and create course content suitable to be delivered online, universities each spent an extra £1m - £3m during 2020.

In order to keep themselves and their students safe in the future, they must also invest in software licences and additional security measures, all of which cost money and can be seen as a considerable barrier to digital transformation in this world of changing priorities.

Cybersecurity is vital for higher education institutions
Cybersecurity is rightly high on the agenda for universities as new and hybrid models of learning become more prevalent, post-pandemic, meaning that face-to-face teaching is relaxed and more emphasis is put on online lessons.

Given the problems that universities have faced over the past two years and the issues they face going forward, digital transformation must take place in an organic and methodical manner if the issues surrounding cybersecurity are not to be perceived as a barrier.

Get in touch
Follow our blog for the latest news and insights into technology and digital transformation. Alternatively, if you have any questions or want to learn more about how we help higher education organisations solve their talent and diversity challenges, connect with our specialist digital, data and tech experts on +44 020 8253 1800 or send us an email.
Posted by: Global Resourcing 0 comment(s)

Please enter your comments below: